File: 3.2.15.txt

package info (click to toggle)

python-django 3%3A5.2.5-1

links: PTS, VCS
area: main
in suites: experimental
size: 61,236 kB
sloc: python: 361,585; javascript: 19,250; xml: 211; makefile: 182; sh: 28

file content (15 lines) | stat: -rw-r--r-- 624 bytes

parent folder | download | duplicates (5)

===========================
Django 3.2.15 release notes
===========================

*August 3, 2022*

Django 3.2.15 fixes a security issue with severity "high" in 3.2.14.

CVE-2022-36359: Potential reflected file download vulnerability in ``FileResponse``
===================================================================================

An application may have been vulnerable to a reflected file download (RFD)
attack that sets the Content-Disposition header of a
:class:`~django.http.FileResponse` when the ``filename`` was derived from
user-supplied input. The ``filename`` is now escaped to avoid this possibility.